m
Manish
05/06/2024, 4:42 AMHi
While upgrading spicedb if we face any issue with upgraded version, any documentation on how can we revert to older version of spicedb. Thanks
v
vroldanbet
05/06/2024, 7:28 AMthere is no documentation of reverts. Which version are you at and what do you want to revert to?
vroldanbet
05/06/2024, 7:28 AMalso, what is the issue?
m
Manish
05/06/2024, 7:39 AMWe are analysing the revert options, because we are upgrading from v1.2.0 to latest manually.
Our data store is postgres and we want to figure-out the rollback strategy beforehand if happen unexpected how fast can we revert to previous version.
We are running spicedb in kubernetes as a stand alone deployment along with our application.
Manish
05/06/2024, 7:45 AM@vroldanbet QQ : Any reason why spicedb not have rollback strategy is there any specific reason?
v
vroldanbet
05/06/2024, 7:52 AMYou can rollback SpiceDB, so long it's not a 4-phase migration. If there is a 4-phase migration, there is no way back, because the process the data model will be changed in an incompatible way. Postgres datastore has at least one 4-phase migration that takes place in version v1.14, so that'd be the sensitive one.
Here is a list of all the database migrations in the postgres datastore: https://github.com/authzed/spicedb-operator/blob/main/validated-update-graph.yaml#L255-L353
vroldanbet
05/06/2024, 7:53 AMSo up to 1.14 it should in theory be possible to rollback. Once you are past 1.14-phase2, there is no way back
m
Manish
05/06/2024, 9:23 AMThanks @vroldanbet
Manish
05/06/2024, 9:58 AM@vroldanbet
spicedb migrate headspicedb migratev
vroldanbet
05/06/2024, 10:00 AMThat is correct, but perhaps to further clarify: it migrates to the latest datastore version of current spicedb version. So if you run
spicedb migrate headvroldanbet
05/06/2024, 10:00 AMif you wan to migrate to v1.10.0, the you need to use the docker container for SpiceDB v1.10.0 and run
spicedb migrate headm
Manish
05/06/2024, 10:05 AMGot it
v
vroldanbet
05/06/2024, 10:08 AMmy recommendation would be to bite the bullet and migrate to the
spicedb-operatorm
Manish
05/06/2024, 11:08 AMWith kubernetes-operator can we control the version upto which we want to update.
Reason for asking this we don't want to jump from v1.2.0 to latest in single go our service manages auth and permission for multiple teams and we can't handle any downtime on this. And if we use kubernetes operator any kind of fault toleration is there? Also if there is any change on the API side and our service stuck because of that it can be a huge impact for us.
v
vroldanbet
05/06/2024, 11:13 AMyes you can control the version
vroldanbet
05/06/2024, 11:14 AMI understand you don't want to do a big version jump - the operator has you covered with various options like version pinning and update-channels
vroldanbet
05/06/2024, 11:15 AMThe operator also handles when cluster has issues while rolling and does not remove the previous version until the new cluster is healthy
vroldanbet
05/06/2024, 11:16 AMre: API unless you are in v0 spicedb API, there is no API breakage. Again, the operator supports pinning to specific versions
m
Manish
05/06/2024, 11:52 AMGreat, let us evaluate this also.
> cluster has issues while rolling
We are just running single container of spicedb as a separate deployment along with our application deployment I hope that is not an issue.
We just need to deploy the spicedb operator in the same namespace and pin the version upto which we want to upgrade. Correct?
v
vroldanbet
05/06/2024, 12:16 PM>We are just running single container of spicedb as a separate deployment along with our application deployment I hope that is not an issue.
I don't see anything in this setup that would be an issue, it's the usual deployment model for SpiceDB. It's just a regular deployment using SpiceDB right? not injecting it as sidecar or anything like that? and you have more than 1 replicas I assume
>We just need to deploy the spicedb operator in the same namespace and pin the version upto which we want to upgrade. Correct?
IT does not have to be in the same namespace, unless you don't want to be doing cluster roles.
I'd strongly recommend you run this whole procedure in an staging environment first, so you do a trial run of the various steps.
The SpiceDB-Operator will create its own SpiceDB Deployment after your apply
SpiceDBCluster1.2.0DeploymentDeploymentm
Manish
05/06/2024, 12:41 PM>It's just a regular deployment using SpiceDB right?
yes
Manish
05/06/2024, 12:42 PMThanks for the detailed answer.
Manish
05/13/2024, 2:31 AMHi @vroldanbet,
If I am upgrading from v1.13.0 to v1.14.0 which includes 4 phase migration for postgres datastore and I can take some downtime while upgrading.
My deployment for v1.13.0 is up and running, how can I stop the current running version scaling down deployment for v1.13.0 to zero is fine?
And then rollout deployment with v1.14.0 which already have
spicedb migrate headv
vroldanbet
05/13/2024, 8:32 AM@Manish 👋 it would be fine to scale to zero and run the migration. However, the issue with this migration is that it's a data migration, so the duration of the downtime is heavily dependent on the amount of data stored in your postgres - it has to go over all the rows in the database and perform a transformation over them. It may not be a "short" downtime, it could take from several minutes to even hours depending on the amount of data you stored.
vroldanbet
05/13/2024, 8:34 AMSteps would be:
- scale in your 1.13 to zero replicas
- run
spicedb migrate headm
Manish
05/13/2024, 9:49 AMSure thanks
Manish
05/13/2024, 9:50 AMAlso Spicedb v1.13.0 supports postgres 15?
v
vroldanbet
05/13/2024, 10:06 AMI can say that version 1.14 does require version 14 at least. I don't have reasons to believe it wouldn't work with 15, specially since we made it a requirement later on.
vroldanbet
05/13/2024, 10:07 AMBut I can't guarantee since we only started testing with 15 in a later spicedb version
m
Manish
05/13/2024, 10:40 AMOkay we will test and update it here for others.